White House Responds to CISPA Petition, Concerned About Privacy

The White House today formally replied to an online petition calling for the demise of CISPA, reiterating that while it supports information sharing in order to stop a cyber attack, the bill does not go far enough on privacy.

The White House today formally replied to an online petition calling for the demise of CISPA, reiterating that while it supports information sharing in order to stop a cyber attack, it does not believe the bill goes far enough on privacy.

"Even though a bill went on to pass the House of Representatives and includes some important improvements over previous versions, this legislation still doesn't adequately address our fundamental concerns," according to Todd Park, U.S. chief technology officer, and Michael Daniel, cyber-security coordinator.

The petition, calling for a stop to the Cyber Intelligence Sharing and Protection Act (CISPA), earned 117,576 e-signatures via the White House's "We the People" site earlier this year, besting the 100,000-signature threshold required for a formal White House response.

CISPA would allow for voluntary information sharing between private companies and the government in the event of a cyber attack. If the government detects a cyber attack that might take down Facebook or Google, for example, they could notify those companies. At the same time, Facebook or Google could inform the feds if they notice unusual activity on their networks that might suggest a cyber attack.

In their response, Park and Daniel said that if a company discovers "that a hacker has broken into its network and is stealing its customers' information (violating their privacy in the process), that company should be able to share what it learns about the intrusion efficiently - how the hacker got in, what he did while inside, and what he looked for - with the government and other companies. The government and other businesses would then be able to use this information from the hacker, not his victim, to help prevent future intrusions."

This already happens to a certain degree, but the process is inefficient, they said. The administration agrees that there needs to be "clearer rules to promote collaboration and protect privacy." But CISPA does not accomplish that to the White House's satisfaction, they wrote.

Park and Daniel said CISPA needs three things before the White House could consider supporting it: a guarantee that information shared only relates to the cyber attack at hand (a utility company shouldn't have to disclose user information if it's informing the feds about a hack); a provision that says a civilian agency, not an intelligence one, will handle data; and no "broad immunity" for businesses that "act in ways likely to cause damage to third parties or result in the unwarranted disclosure of personal information."

About the Author

Before joining PCMag.com, Chloe covered financial IT for Incisive Media in NYC and technology policy for The National Journal's Technology Daily in Washington, DC. She has held internships at NBC's Meet the Press, washingtonpost.com, the Tate Gallery press office in London, Roll Call, and Congressional Quarterly. She graduated with a bachelor's deg... See Full Bio

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.